Annex 4 to DPA
Third party subcontractors
The following list contains all of the subcontractors that WeVideo uses which collects user data.
At minimum, policies/DPAs with our subcontractors must be reviewed annually to ensure they continue to meet our privacy requirements.
| Name | Purpose | Collected Data |
Contains Student Data?
|
|---|---|---|---|
| Amazon Web Services |
Infrastructure and functionality for WeVideo. App server, file storage, database, delivery and more. |
Name, email address, device metadata (ip address), user generated content |
Yes |
| Hubspot |
CRM & Email campaigns (including incident response) |
Name, email address, marketing related usage tracking. |
No, students are opted out. |
| Mixpanel |
Analytics |
Email address (if not student), user activity within application (features used, etc) |
No, anonymized data. |
| Zendesk |
Customer Support |
Email address, and anything the user opts into |
No, unless student opts in. |
| Google Analytics |
Analytics |
Device metadata (ip address) |
No |
| Google Tag Manager (facebook, bing, linkedin, pinterest, twitter, yandex, disqus, addthis, doubleclick.net) |
Managing cookies |
Device metadata (ip address) |
No |
| Fullstory |
Analytics |
User session activity |
No |
| PayPal |
Handling self service (non purchase order) subscriptions. |
PCI compliant data for processing payment and managing subscription (email address, payment info) |
No (unless user signs up for non EDU personal plan) |
| Stripe |
Handling self service (non purchase order) subscriptions. Credit card payments for POs. |
PCI compliant data for processing payment and managing subscription (email address, payment info) |
No (unless user signs up for non EDU personal plan) |
| Baremetrics |
Payment analysis, expired card notification |
Email address |
No (unless user signs up for non EDU personal plan) |
| Salesforce |
CRM software |
Information on leads, quotes |
No |
| TrackJS |
Error tracking |
Error logs (anonymized) |
No |
| sentry.io |
Error tracking |
Error logs (anonymized) |
No |
| Google Play Store |
Handling self service (non purchase order) Android subscriptions. |
PCI compliant data for processing payment and managing subscription (email address, payment info) |
No (unless user signs up for non EDU personal plan) |
| Apple App store |
Handling self service (non purchase order) iOS subscriptions. |
PCI compliant data for processing payment and managing subscription |
No (unless user signs up for non EDU personal plan) |
| Storyblocks |
Stock media library |
Media usage |
No |
| Impact |
Affiliate program |
No |
Non user facing (user will never be subject to this via any cookie, visit or app etc, but could contain data for example if it was breached)
| Name |
Purpose |
Collected Data |
|---|---|---|
|
Google Workplace (Alphabet) |
Enterprise solution (email, etc) |
Potentially PII is stored here from email communication or perhaps forms/documents in Drive |
|
Atlassian |
Development and issue tracker |
Generally userid’s are used here instead of PII, but there are cases where it is relevant and could be exposed in a breach. |
|
Slack |
Company communication |
Potentially PII is stored here from chat communication. |
|
Github |
Code hosting platform for version control and collaboration |
Very unlikely there is any PII here but it’s good to mention. |
|
Tableu |
Data visualization and data analytics tool |
BI |
|
Intacct |
Accounting software |
Invoice information, accounts receivable/payable contact (email address) |
|
Groove |
Salesforce email add on that holds customer and lead information |
PII like names, emails etc |